Thursday, June 17, 2021

FRR open source routing to CME MDP

In this blog we will look at a simple but effective means of deploying a multicast router with FRR to the CME multicast data platform.


https://www.cmegroup.com/confluence/display/EPICSANDBOX/CME+Market+Data+Platform+Connectivity#CMEMarketDataPlatformConnectivity-Figure:GRETunnelwithinIPSecTunnel


Note: you will typically get an IPv4 address that will be used for the PIM RP.

Traffic for PIM joins and multicast will be delivered via the GRE interface (gre1 in my example).


You will need to install snapd and FRR and have your gre1 interface defined before starting.



  sudo yum install snapd
  yum install -y https://github.com/FRRouting/frr/releases/download/frr-5.0.1/frr-5.0.1-2018070501.el7.centos.x86_64.rpm
  sudo snap install frr
  sudo systemctl enable --now snapd.socket

Sample frr.conf:


  [kfelix@mcastrt1 ~]#  /var/lib/snapd/snap/bin/frr.vtysh -c "show running"
  Building configuration...

  Current configuration:
  !
  frr version 7.5.1
  frr defaults traditional
  hostname mcastrt1.yourdomain.com
  log file /var/log/pimd
  log stdout
  no ipv6 forwarding
  ip multicast rpf-lookup-mode longer-prefix
  ip pim rp 69.50.112.254 224.0.0.0/4
  ip mroute 69.50.112.0/25 10.247.x.xx
  no service integrated-vtysh-config
  !
  ip route 69.50.112.0/25 10.247.4.145
  ip route 69.50.112.254/32 10.247.x.xx
  !
  interface dummy255
   description test-dummy-interface-for-joins
   ip igmp
   ip igmp join 224.0.28.85
   ip igmp version 2
   ip pim
   multicast
  !
  interface gre1
   description CME MDP GRE-tunnel
   ip pim
   multicast
  !
  interface pimreg
   ip pim
   multicast
  !
  line vty
  !
  end


The dummy255 interface was crafted for testing, before enabling IGMP on the LAN interface.











NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \

Tuesday, June 15, 2021

FortiOS: how to recover the IPsec VPN PSK string in text format

A colleague was working on a FortiOS conversion and needed a means to gather the existing PSK from the vpn ipsec configuration in text format.




Here's a simple method for extracting these details by using an API call.


The API entry point is:

  https://x.x.x.x/api/v2/cmdb/vpn.ipsec/phase1-interface?plain-text-password=1


The full HTTP GET would look like the following:

  curl -k -H "Authorization: Bearer zw7q8QyGrHwtfrn8tkGyfNbnGGN7js" "https://192.168.1.99/api/v2/cmdb/vpn.ipsec/phase1-interface?plain-text-password=1&access_token=zw7q8QyGrHwtfrn8tkGyfNbnGGN7js"

In the output, the "psksecret" field will show the text value.



That's a simple method to reverse the encrypted field to cleartext for the VPN PSK.
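
As an added example (not part of the original post), the following Python parses the JSON body this call returns, maps each phase1 tunnel to its PSK, separates tunnels whose "psksecret" still came back masked, and groups tunnels that share one PSK. The response layout (a "results" list with "name" and "psksecret"), the "ENC " prefix on masked values, and all sample names, gateways and secrets are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Constructed sample of the JSON body from the phase1-interface call.
# Names, gateways and secrets are made up; the field layout is an assumption.
SAMPLE_RESPONSE = """
{"http_method": "GET", "status": "success", "vdom": "root",
 "results": [
  {"name": "to-branch1", "remote-gw": "198.51.100.10", "psksecret": "Spring2021!"},
  {"name": "to-branch2", "remote-gw": "198.51.100.20", "psksecret": "Spring2021!"},
  {"name": "to-dc", "remote-gw": "203.0.113.5", "psksecret": "ENC XXXX"},
  {"name": "to-cert-peer", "remote-gw": "203.0.113.9", "authmethod": "signature"}
 ]}
"""

def extract_psks(body):
    """Return ({tunnel: PSK}, [tunnels whose PSK was not returned in clear text])."""
    doc = json.loads(body)
    if doc.get("status") != "success":
        raise ValueError("API call failed: %r" % doc.get("status"))
    clear, unresolved = {}, []
    for p1 in doc.get("results", []):
        secret = p1.get("psksecret")
        if not secret:                 # e.g. certificate-authenticated tunnel, no PSK
            continue
        if secret.startswith("ENC "):  # assumption: masked values keep an "ENC " prefix
            unresolved.append(p1["name"])
        else:
            clear[p1["name"]] = secret
    return clear, unresolved

def shared_psks(clear):
    """Group tunnels that use the same PSK, worth fixing during a conversion."""
    by_secret = defaultdict(list)
    for name, secret in clear.items():
        by_secret[secret].append(name)
    return sorted(sorted(names) for names in by_secret.values() if len(names) > 1)

if __name__ == "__main__":
    clear, unresolved = extract_psks(SAMPLE_RESPONSE)
    for name in sorted(clear):
        print(f"{name}: {len(clear[name])} chars")  # report length, not the secret
    print("not returned in clear text:", unresolved)
    print("tunnels sharing a PSK:", shared_psks(clear))
```

To use it on a real response, save the curl output to a file and pass the file's contents to extract_psks(); treat that file as a secret and delete it once the conversion is done.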







Ken Felix
